Check out all of our upcoming events

Blog

Get news about our products, which events we are attending plus industry insights and commentary

Cyber Intelligence for Shipping assets

Written by Robert Fitzsimons on Tuesday, 16 July 2019. Posted in Cyber

cyber shipping blog a5a699b0c1c6d390e8099df44887af50

ENISA produced its first EU-report on Maritime Cyber Security back in 2011, warning of the low cyber security awareness and intelligence within the sector, the complexity of the ICT and the lack of cyber security policies. Further difficulty is added to this situation due to the fragmented nature of the maritime governance between different levels.

However, fast forward 8 years to 2019 and the first Transport Cybersecurity Conference was held in January highlighting the progress and awareness that is being made throughout the transportation industry, not just maritime.

Within the maritime industry over the last quarter alone there have been 2 separate incidents in which the US Coast Guard has sent out security alerts, highlighting the ongoing problem with cybersecurity policies and practices on board commercial vessels.

In May, a wave of spear-phishing emails were being sent out intending to spread malware across commercial vessels, posing to come from official US Port State Control authorities. The malspam campaign intended to spread malicious software which was designed to disrupt shipboard computer systems.

On July 9th the US Coast Guard published another alert indicating that a cybersecurity incident had impacted a vessel bound for the Port of New York. Whilst the malware on this occasion had not impacted the essential vessel control systems, there was ‘significantly degraded functionality of the onboard computer system.’

These are just the latest in a series of cybersecurity incidents on shipping vessels however and is not something that is considered a surprise to industry experts. A report published in 2018 by a conglomerate of 21 international shipping associations identified a ‘plethora of cyber security problems aboard ships, where investigations found ransomware, USB malware and worms on numerous occasions.’

The report also indicated interference with onboard automatic identification systems and electronic chart display and information systems, the jamming of global positioning systems and the manipulation of cargo and other ship and port systems, allowing access to ship manifests enabling the identification of crews and cargo.

The combination of such information has been linked to a hybrid of cyberattacks and physical piracy, whereby pirates have reportedly identified ships containing valuable cargo and minimal onboard security, providing a perfect target.

Whilst all of these incidents have happened through the introduction of malware/ ransomware etc within ports, the effects clearly may only be identified at sea. In either case, the malware would likely have already completed its task and caused unnecessary damage.

This highlights a growing trend with the ever more connected world whereby industries of all types need to ensure they are protecting their assets at every level. Networks such as those used within the maritime industry are already connected to the outside world, therefore it is essential that they are provided adequate levels of network security to protect their cyber threat intelligence.

About the Author

Robert Fitzsimons

Robert Fitzsimons

Rob is a Field Applications Engineer with a background in Military Intelligence who recently completed his BSc (Hons) Intelligence and Cyber Security degree.

Information cookies

Cookies are short reports that are sent and stored on the hard drive of the user's computer through your browser when it connects to a web. Cookies can be used to collect and store user data while connected to provide you the requested services and sometimes tend not to keep. Cookies can be themselves or others.

There are several types of cookies:

  • Technical cookies that facilitate user navigation and use of the various options or services offered by the web as identify the session, allow access to certain areas, facilitate orders, purchases, filling out forms, registration, security, facilitating functionalities (videos, social networks, etc..).
  • Customization cookies that allow users to access services according to their preferences (language, browser, configuration, etc..).
  • Analytical cookies which allow anonymous analysis of the behavior of web users and allow to measure user activity and develop navigation profiles in order to improve the websites.

So when you access our website, in compliance with Article 22 of Law 34/2002 of the Information Society Services, in the analytical cookies treatment, we have requested your consent to their use. All of this is to improve our services. We use Google Analytics to collect anonymous statistical information such as the number of visitors to our site. Cookies added by Google Analytics are governed by the privacy policies of Google Analytics. If you want you can disable cookies from Google Analytics.

However, please note that you can enable or disable cookies by following the instructions of your browser.